Organizations responsible for critical infrastructure in the US are in the crosshairs of Iranian government hackers, who are exploiting known vulnerabilities in enterprise products from Microsoft and Fortinet, government officials from the US, UK, and Australia warned on Wednesday.

A joint advisory published Wednesday said an advanced-persistent-threat hacking group aligned with the Iranian government is exploiting vulnerabilities in Microsoft Exchange and Fortinet’s FortiOS, which forms the basis for the latter company’s security offerings. All of the identified vulnerabilities have been patched, but not everyone who uses the products has installed the updates.

The advisory was released by the FBI, the US Cybersecurity and Infrastructure Security Agency, the UK’s National Cyber Security Centre, and the Australian Cyber Security Centre. “The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple US critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations,” the advisory stated. “FBI, CISA, ACSC, and NCSC assess the actors are focused on exploiting known vulnerabilities rather than targeting specific sectors. These Iranian government-sponsored APT actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion.”

The advisory said that the FBI and CISA have observed the group exploit Fortinet vulnerabilities since at least March and Microsoft Exchange vulnerabilities since at least October to gain initial access to systems. The hackers then initiate follow-on operations that include deploying ransomware.

In May, the attackers targeted an unnamed US municipality, where they likely created an account with the username “elie” to further burrow into the compromised network. A month later, they hacked a US-based hospital specializing in health care for children. The latter attack likely involved Iranian-linked servers at 91.214.124143, 10, and 10. Last month, the APT actors exploited Microsoft Exchange vulnerabilities that gave them initial access to systems in advance of follow-on operations. Australian authorities said they also observed the group leveraging the Exchange flaw.

The hackers may have created new user accounts on the domain controllers, servers, workstations, and Active Directory instances of networks they compromised. Some of the accounts appear to mimic existing accounts, so the usernames are often different from one targeted organization to the next. The advisory said network security personnel should search for unrecognized accounts, with special attention to usernames such as Support, Help, elie, and WADGUtilityAccount.

The advisory comes a day after Microsoft reported that an Iranian-aligned group it calls Phosphorus is increasingly using ransomware to generate revenue or disrupt adversaries. The group employs “aggressive brute force attacks” on targets, Microsoft added. Early this year, Microsoft said, Phosphorus scanned millions of Internet IP addresses in search of FortiOS systems that had yet to install the security fixes for CVE-2018-13379. The flaw allowed the hackers to harvest clear-text credentials used to remotely access the servers. Phosphorus ended up collecting credentials from more than 900 Fortinet servers in the US, Europe, and Israel.